Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2024-11 | May 3, 2024

Third-Party Relationships: A Guide for Community Banks

To

Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties

Summary

The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) today published Third-Party Risk Management: A Guide for Community Banks.

Note for Community Banks

This guide is designed for community banks. Although the guide discusses community bank relationships, the content may be useful for banks of any size.1

Highlights

The guide

  • assists community banks when developing and implementing their third-party risk management practices.
  • provides potential considerations, resources, and examples through each stage of the third-party risk management life cycle.

Background

Community banks engage with third parties to help the banks compete in and respond to an evolving financial services landscape. Third-party relationships can offer community banks access to new technologies, risk management tools, human capital, delivery channels, products, services, and markets. Reliance on third parties, however, reduces a bank’s direct operational control over activities and may introduce new risks or increase existing risks. Due to the varied risks associated with third-party relationships, it is important for community banks to appropriately identify, assess, monitor, and control these risks and ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.

This guide serves as a resource for bank management in accordance with the principles communicated in the “Interagency Guidance on Third-Party Relationships: Risk Management”2 and “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks.”3 The guide does not anticipate all types of third-party relationships or risks and should not be viewed as all-inclusive. Use of the guide is voluntary, and the relevance of specific information within the guide depends on the bank’s size, complexity, and risk profile, and the nature of the specific third-party relationship.

Further Information

Please contact Tamara Culler, Director for Governance and Operational Risk Policy, Operational Risk Policy Division, at (202) 649-6550.

 

Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy

Related Link

1 "Banks" refers collectively to national banks, federal savings associations, covered savings associations, and federal branches and agencies of foreign banking organizations.

2 For more information, refer to OCC Bulletin 2023-17, “Interagency Guidance on Third-Party Relationships: Risk Management.”

3 For more information, refer to OCC Bulletin 2021-40, “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks.”

Topic(s):